services:2fa:ssh:linux

Differences

This shows you the differences between two versions of the page.

services:2fa:ssh:linux [2021/04/11 17:47] – [Setup Linux ssh for key based login] deul
services:2fa:ssh:linux [2025/08/20 10:44] (current) – fix typos, emphasize security of private key jansen
Line 1: Line 1:
 ======Setup Linux ssh for key based login====== ======Setup Linux ssh for key based login======
  
-We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-ge command:+We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-gen command:
  
   $ ssh-keygen -t ecdsa   $ ssh-keygen -t ecdsa
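Review bot: The corrected command name in the added line, "sshkey-gen", still does not match the command the page actually runs two lines below, "ssh-keygen -t ecdsa". Change the sentence to "To do this run the ssh-keygen command:" so the prose and the example agree.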
Line 25: Line 25:
   +----[SHA256]-----+   +----[SHA256]-----+
  
-For both question about passphrase, just hit enter (we will not be using passphrases). This will also have generated two files in your personal .ssh directory:+For both questions about passphrase, just could hit enter (in that case we will not be using passphrases). Security wise it is better though you do fill in a passphrase. This will have generated two files in your personal .ssh directory:
  
   $ ls -ltr id_ecdsa*   $ ls -ltr id_ecdsa*
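Review bot: The added wording "just could hit enter" is garbled, and the actual recommendation is buried in the second sentence. Suggest leading with the safer choice, for example: "At both passphrase prompts, fill in a passphrase. You could just hit enter to leave it empty, but then the private key file alone is enough to log in." The following "This will have generated two files" now sits after the passphrase advice and its subject is ambiguous; "ssh-keygen will have generated two files" reads more clearly.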
Line 31: Line 31:
   -rw-r--r-- 1 testuser1 users 195 Mar 22 12:13 id_ecdsa.pub   -rw-r--r-- 1 testuser1 users 195 Mar 22 12:13 id_ecdsa.pub
  
-The file id_ecdsa.pub must be transferred to the remote host. For this we can use ssh-copy-id:+The file ''id_ecdsa'' (without ''.pub'') is the **private key**. You will have to keep this file private, ie: no one should have access to it (so don't copy it on removable media, share it with anyone, leave it in any unprotected place, etc). __**Treat it as an actual key**__; anyone with access to this private key, has access to your account, as if you had handed over your house key to others. 
 + 
 +The file ''id_ecdsa.pub'' is the "public" part of the key-pair. It's something similar to the key-hole in your front door: anyone is allowed to see the key-hole, but only the person who has the private key (you!) can use that key to open it. \\ 
 +So, the file ''id_ecdsa.pub'' must be transferred to the remote host. For this we can use ssh-copy-id:
  
   $ ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@remote-host   $ ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@remote-host
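Review bot: The new private-key paragraph tells the reader to keep id_ecdsa private but gives no way to check that, and the listing line visible in this hunk shows only the mode of id_ecdsa.pub (-rw-r--r--). Suggest adding that the private key file should be readable and writable by its owner only (mode 600, which ssh-keygen sets when it creates the file), so readers can compare that against their own ls output. Minor wording in the same paragraph: "ie:" should be "i.e.", and the comma in "private key, has access" should be dropped.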
Line 37: Line 40:
 This may produce the following message: This may produce the following message:
  
-  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_edcsa.pub"+  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_ecdsa.pub"
   The authenticity of host 'remote-host (123.123.123.123)' can't be established.   The authenticity of host 'remote-host (123.123.123.123)' can't be established.
   ECDSA key fingerprint is SHA256:tygMarTe3SOjTcY9HzldKThxQzsTeiYHg5JmjB2bxeg.   ECDSA key fingerprint is SHA256:tygMarTe3SOjTcY9HzldKThxQzsTeiYHg5JmjB2bxeg.
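Review bot: The path typo fix in the first line is fine, but the unchanged lines after it show the host-key prompt with a fingerprint, and nothing visible in this hunk tells the reader what to do with it. If the text following this sample output does not already cover it, add a sentence asking the reader to compare the displayed fingerprint with the one published for remote-host before answering yes.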
services/2fa/ssh/linux.1618163264.txt.gz · Last modified: by deul